Following the instructions at https://certbot.eff.org/#ubuntuxenial-apache didn’t do it for me. With Apache, it’s always tricky. I’m currently using a bitnami WordPress EC2 instance, so I had to figure out the certbot stuff.
It was actually not that hard. As with many command line tools, everything starts with reading the documentation 🙂
The certonly option does the trick! Always. Otherwise, the tool tries to be clever and figure out your apache environment (Mmmmm……)
In my case after installing the certbot on ubuntu I issued:
sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apache2/htdocs/ -d www.martinrosselle.com
The webroot is the most important part, this is where the domain verification file is put to automate the certificate issuance (the CA has to know that you are what you pretend to be – at that domain!!)
After a successful command, you simply copy the key material to the correct destination. In my case I copied the certbot created certificate and private key to my home directory:
sudo cp /etc/letsencrypt/live/www.martinrosselle.com/fullchain.pem . sudo cp /etc/letsencrypt/live/www.martinrosselle.com/privkey.pem .
After that you simply have to move/copy them to the correct place:
sudo cp fullchain.pem /opt/bitnami/apache2/conf/server.crt sudo cp privkey.pem /opt/bitnami/apache2/conf/server.key
Depending on your WordPress installation above procedure needs to be adapted to the correct paths. But besides that, there is nothing more to it.
Yes, there is, restart your apache : sudo apachectl -k restart
Next post I will cover the automatic rollover…